Why Business Email Compromise is the Cyber Criminal’s Most Devastating Weapon

You’ve probably heard stories like this one before: A person in a business is supposed to send a wire transfer to another business. They receive an email at the last minute, often with a panicked tone, making an urgent request – their primary bank account is unavailable, so the money will need to be sent to a different bank.

The email is from a recognized email address. It looks like their emails (with all the right typos and grammatical mistakes), and even “sounds” like them. The panicked tone and urgent demand put the reader into emergency mode – changes will have to be made quickly to get this transfer done on time. Both management and the receiving company will likely appreciate the hard work.

The money is sent, but later that day a representative from the other company calls asking about the money. It was never received, because the new wiring instructions caused the funds to be sent to an account controlled by a hacker. And absent a miracle, it’s gone.

The email looked right. It even felt right. But it wasn’t. It was sent by a hacker. It was the result of a Business Email Compromise.

In this episode, we discuss:

  • What a Business Email Compromise is;
  • What a hacker who gains access to a business email account can do with it;
  • Why BEC scams have become so common and so lucrative; and
  • How you can protect yourself against these insidious, relentless attacks.

For more information, resources, and a full transcript of this episode, check out the original post.

The Best Multi-Factor Authentication Setup to Immediately Improve Your Security [Podcast]

Proving who you are is the primary goal of most cybersecurity systems. The best way to accomplish that task is through Multi-Factor Authentication.

The primary purpose of cybersecurity systems is to protect data from those who are not authorized to get it. Therefore, the very first thing any cybersecurity system does is make sure that you are who you say you are.

The authentication process has evolved over time, from basic login information to complex passwords, and now includes authentication apps and biometrics. However, to best protect your authentication system, it’s important to rely on more than one method.

Multi-Factor Authentication takes advantage of different methods of authentication to limit the likelihood that a bad actor can penetrate your systems. Some systems are better than others, though. How does your process measure up?

In this episode, we discuss:

  • The three types of authentication that Multi-Factor Authentication relies on – something you know, something you have, and something you are;
  • What types of authentication are presently available to use, and which categories they fall under;
  • Which authentication methods are more secure than others; and
  • Where multi-factor authentication, while important, is not sufficient on its own to protect you from cyber threats.

For more information, resources, and a complete transcript of this episode, check out the original post.

The Best Cloud Backup for Small Business in 2023

In today’s digital age, small businesses rely on data to run their operations and make critical business and operational decisions. But with so much data being stored on a company’s computers, servers, and other devices, it’s important to have a plan in place to protect that data from loss or damage. Too often, we think myopically about “protecting” data – as though the only threats come from hackers or other cyberthreats. Other risks threaten your company’s critical information too, like severe weather disasters and run-of-the-mill employee mistakes or bad luck. Protecting your data requires a solution tailored to your needs: a provider that specializes in cloud backup for small business.

You need to protect the data itself. Make sure that it’s kept physically apart from your digital and electronic infrastructure at your physical locations. That’s where cloud backup comes in.

Cloud backup is a type of data backup that stores a copy of your data in the cloud, or on remote servers accessed via the internet. This provides a secure, off-site backup of your data that you can access from anywhere with an internet connection.

Cloud Backup for Small Business needs to: (more…)

Encryption 101: 4 Useful Concepts You Need to Know [Podcast]

4 Basic Concepts. 15 minutes. That’s it.

That’s all the time you need to understand how encryption works in the modern ecosystem. It’s an important tool for protecting data, and it’s required by countless laws, regulations, rules, and contracts. But do you really know how it works?

If you don’t understand how encryption works, how can you possibly be expected to know what level of encryption you need? Or what level of encryption is even desirable?

In this episode of the Fearless Paranoia podcast, we guide you through what you need to know about encryption. There are a lot of terms and jargon thrown around in cybersecurity, and one of the most commonly used is encryption. You’ll hear advertising of RSA or AES encryption, promotion of transitioning from 128-bit to 256-bit, and entire campaigns about how the newest system relies on (random 5-letter acronym) instead of 256-bit encryption.

Yet very few people actually stop to talk about what those things mean. We will give you a baseline understanding of encryption so that you can make informed decisions about what kind of encryption you need.

In this episode, we discuss:

  • The three essential components of any encryption system;
  • The difference between symmetric and asymmetric encryption, including when you’re most likely to encounter each one;
  • The common misunderstanding that encryption and “hashing” are the same thing; and
  • What it means when someone describes a 128-bit vs. 256-bit encryption algorithm.

For more information, resources, and a transcript of this episode, check out the original post.

What is Zero Trust Cybersecurity and How Much Does it Cost? [Podcast]



Zero Trust is one of the most popular phrases thrown about by cybersecurity professionals and – more importantly – thrown into cybersecurity sales pitches these days. It’s obviously important, and it’s obviously something you want. But what is it? Is it really something you need?

And, critically, how much does it cost?

In this episode of the Fearless Paranoia podcast, we talk about what zero trust cybersecurity really is. We separate the reality from the storytelling and marketing pitches. We break down the three key elements of a zero-trust cybersecurity environment, and provide helpful ways to implement nearly the entirety of the zero-trust framework with little-to-no actual cost.

For more information, a transcript of this episode, and helpful resources, check out the original post.

Why Cyber Resilience is the Best Metric for Cybersecurity [Podcast]

There are a lot of ways to measure the impact – and relative success – of a cybersecurity program. There are tests you can run to determine how effectively your employees are adopting defenses to phishing emails. There are table-top exercises to determine your ability to defend against an attack. There are even ways to compare the costs of your cybersecurity against others in your industry.

But the best way to measure the effectiveness of your cybersecurity is in your cyber resilience – how quickly, effectively, and completely you recover from an attack.

In this episode of the Fearless Paranoia podcast, we discuss what it means to have cyber resilience, including what it means to be resilient, and how you can focus your planning and procedures to make sure that resilience is a primary goal. Remember, even the best cybersecurity can’t guarantee to keep out every potential threat. Are you ready in case today is the day your cybersecurity fails?

For more information, resources, and a transcript of this episode, check out the original post.
